A First Look Into the PhishTank

PhishTank's first monthly report shows the US as the main source of phishing exploits and lists the top ten ISPs hosting phishers

PhishTank, the neighborhood watch site for phishing exploits, has released its first round of monthly statistics on the phishing exploits it collected last month.

Out of the 7,061 suspected phishes submitted to the PhishTank site, 3,678 were confirmed, but another 2,505 went offline before they could be validated by the site.

PhishTank is a public clearinghouse for phishing emails and URLs run by OpenDNS, where users and Web developers can post and track phishes. (See DNS Gets Anti-Phishing Hook and Phishers Launch Zero-Day Exploits.)

David Ulevitch, president of OpenDNS, has touted PhishTank as a way for the public to become part of the process of helping to combat phishing. "Any other system out there is a black box you throw the phish into and you don't know what happens to it." It's free, and anyone can submit a suspected phish, track its status, and help others verify their submissions.

In October, 79 percent of the phishing attempts validated by PhishTank used a domain name, and 21 percent, an IP address.

Which brands were by far spoofed the most? You guessed it: PayPal (1,493 phishes) and eBay (1,210 phishes). Next in line were Barclays Bank (321), Fifth Third Bank (203), Volksbanken Raiffeisenbanken (191), Bank of America (188), Wells Fargo (133), Key Bank (111), JP Morgan Chase (104), and Citibank (48).

The top ten ISPs that hosted the most phishing attempts were (in order): Hanaro Telecom, National Internet Backbone, TELESC Telecomunicacoes de Santa Catarina SA, EMCATEL, Instituto Costarricense de Electricidad y Telecom, CQNET Chongqing Broadband Networks, Futures Cable Television, SAVVIS Savvi, CANTV Servicios, MobiFon S.A.

Demographically, 24 percent of the phishing exploits came from the U.S., 14 percent from South Korea, and 8 percent from India. The rest were spread fairly evenly among China (6 percent), Great Britain (4 percent), Germany (4 percent), Brazil (4 percent), Russia (3 percent), Costa Rica (3 percent), and Columbia (3 percent). Other countries represented less than 2 percent of the phishing exploits, according to the PhishTank numbers.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • OpenDNS